Add resolved source info in ResolutionRequest status

Related to - #5529 - #5397 Before: The customized status of ResolutionRequest only contains the resolved data. Now: The resolved source reference of the remote data is also added to the ResolutionRequest.status. It is recorded in a structured way using the standard SLSA ConfigSource struct. Why? Recently there is a clear requirement that the remote source information of the remote data should be recorded in the provenance to link back to its origin including the resolved the commit sha when users only provide the branch/tag name for the resolver. Without this PR, the only way to achieve this is to pass the resolved source information through annotations, which has a couple of the drawbacks i.e. unstructured data, hard to maintain and to make changes in future etc. That's where this PR comes in to solve the problem. Signed-off-by: Chuang Wang <[email protected]>
tektoncd · Sep 26, 2022 · 7d7b903 · 7d7b903
1 parent ae9263f
commit 7d7b903
Show file tree

Hide file tree

Showing 230 changed files with 17,321 additions and 4,626 deletions.
diff --git a/docs/resolver-template/cmd/demoresolver/main.go b/docs/resolver-template/cmd/demoresolver/main.go
@@ -91,3 +91,8 @@ func (*myResolvedResource) Data() []byte {
 func (*myResolvedResource) Annotations() map[string]string {
 	return nil
 }
+
+// Source returns the source references of the data. None atm.
+func (*myResolvedResource) Source() *v1alpha1.ConfigSource {
+	return nil
+}
diff --git a/go.mod b/go.mod
@@ -42,6 +42,7 @@ require github.com/benbjohnson/clock v1.1.0 // indirect
 require (
 	code.gitea.io/sdk/gitea v0.15.1
 	github.com/goccy/kpoward v0.1.0
+	github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
 )
 
@@ -154,11 +155,11 @@ require (
 	go.uber.org/automaxprocs v1.4.0 // indirect
 	go.uber.org/goleak v1.1.12 // indirect
 	go.uber.org/multierr v1.7.0 // indirect
-	golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect
+	golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0 // indirect
 	golang.org/x/mod v0.5.1 // indirect
 	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
-	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
+	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect

diff --git a/go.sum b/go.sum
diff --git a/pkg/apis/pipeline/v1beta1/openapi_generated.go b/pkg/apis/pipeline/v1beta1/openapi_generated.go
diff --git a/pkg/apis/pipeline/v1beta1/swagger.json b/pkg/apis/pipeline/v1beta1/swagger.json
@@ -140,6 +140,25 @@
         }
       }
     },
+    "v1alpha1.ConfigSource": {
+      "description": "ConfigSource are the source reference of the remote resource in the standard SLSA format.",
+      "type": "object",
+      "properties": {
+        "digest": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string",
+            "default": ""
+          }
+        },
+        "entryPoint": {
+          "type": "string"
+        },
+        "uri": {
+          "type": "string"
+        }
+      }
+    },
     "v1alpha1.PipelineResource": {
       "description": "PipelineResource describes a resource that is an input to or output from a Task.",
       "type": "object",
@@ -308,7 +327,8 @@
       "description": "ResolutionRequestStatus are all the fields in a ResolutionRequest's status subresource.",
       "type": "object",
       "required": [
-        "data"
+        "data",
+        "source"
       ],
       "properties": {
         "annotations": {
@@ -338,20 +358,29 @@
           "description": "ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.",
           "type": "integer",
           "format": "int64"
+        },
+        "source": {
+          "description": "Source is the source reference of the remote data that can be used as a part of the provenance data.",
+          "$ref": "#/definitions/v1alpha1.ConfigSource"
         }
       }
     },
     "v1alpha1.ResolutionRequestStatusFields": {
       "description": "ResolutionRequestStatusFields are the ResolutionRequest-specific fields for the status subresource.",
       "type": "object",
       "required": [
-        "data"
+        "data",
+        "source"
       ],
       "properties": {
         "data": {
           "description": "Data is a string representation of the resolved content of the requested resource in-lined into the ResolutionRequest object.",
           "type": "string",
           "default": ""
+        },
+        "source": {
+          "description": "Source is the source reference of the remote data that can be used as a part of the provenance data.",
+          "$ref": "#/definitions/v1alpha1.ConfigSource"
         }
       }
     },

diff --git a/pkg/apis/resolution/v1alpha1/resolution_request_types.go b/pkg/apis/resolution/v1alpha1/resolution_request_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	duckv1 "knative.dev/pkg/apis/duck/v1"
 )
@@ -78,9 +79,45 @@ type ResolutionRequestStatusFields struct {
 	// of the requested resource in-lined into the ResolutionRequest
 	// object.
 	Data string `json:"data"`
+	// Source is the source reference of the remote data that can be used as
+	// a part of the provenance data.
+	Source *ConfigSource `json:"source"`
 }
 
 // GetStatus implements KRShaped.
 func (rr *ResolutionRequest) GetStatus() *duckv1.Status {
 	return &rr.Status.Status
 }
+
+// ConfigSource are the source reference of the remote resource in the standard SLSA
+// format.
+// +k8s:deepcopy-gen=false
+type ConfigSource struct {
+	slsa.ConfigSource `json:",inline"`
+}
+
+// DeepCopy is a generated deepcopy function, autogenerated deepcopy function,
+// copying the receiver, creating a new ConfigSource.
+func (in *ConfigSource) DeepCopy() *ConfigSource {
+	if in == nil {
+		return nil
+	}
+	out := new(ConfigSource)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is a deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ConfigSource) DeepCopyInto(out *ConfigSource) {
+	*out = *in
+	(*out).EntryPoint = (*in).EntryPoint
+	(*out).URI = (*in).URI
+	if in.Digest != nil {
+		in, out := &in.Digest, &out.Digest
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
diff --git a/pkg/apis/resolution/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/resolution/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go
diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go
diff --git a/pkg/client/resolution/clientset/versioned/fake/register.go b/pkg/client/resolution/clientset/versioned/fake/register.go
diff --git a/pkg/client/resolution/clientset/versioned/scheme/register.go b/pkg/client/resolution/clientset/versioned/scheme/register.go